KEY DISTRIBUTION

US 20100239095A1
Filed: 04/30/2010
Published: 09/23/2010
Est. Priority Date: 11/30/2004
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method to execute on a router, comprising:

servicing, by the router, network transactions for a participant, the network transactions are encrypted with a first key;

detecting, by the router, a transition of the participant to a neighboring network serviced by a neighboring service provider;

contacting, by the router, the neighboring service provider on behalf of the participant to acquire a second key for use with other network transactions serviced through the neighboring service provider, the other network transactions are encrypted with the second key; and

distributing, by the router, the second key to the participant for transitioning to the participant to the neighboring service provider.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network.

98 Citations

View as Search Results

20 Claims

1. A machine-implemented method to execute on a router, comprising:
- servicing, by the router, network transactions for a participant, the network transactions are encrypted with a first key;
  
  detecting, by the router, a transition of the participant to a neighboring network serviced by a neighboring service provider;
  
  contacting, by the router, the neighboring service provider on behalf of the participant to acquire a second key for use with other network transactions serviced through the neighboring service provider, the other network transactions are encrypted with the second key; and
  
  distributing, by the router, the second key to the participant for transitioning to the participant to the neighboring service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein detecting further includes noticing a degradation in signal strength from the participant indicating the transition is approaching.
  - 3. The method of claim 1, wherein contacting further includes authenticating to the neighboring service provider.
  - 4. The method of claim 1, wherein contacting further includes authenticating to an identity service for acquiring an authentication mechanism which is processed to authenticate to the neighboring service provider.
  - 5. The method of claim 1, wherein contacting further includes acquiring the second key from an identity service.
  - 6. The method of claim 1 further comprising, determining, by the router, an identity for the neighboring service provider via interactions with an identity service.
  - 7. The method of claim 1 further comprising, determining, by the router, an identity for the neighboring service provider from a list of available neighboring service providers based at least in part on a direction from which signals are being received from the participant.

8. A machine-implemented method to execute on a router, comprising:
- moving, by the router, a connection of a processing device from a local homogeneous secure network to a heterogeneous secure network when the processing device is determined to in process of transitioning out of the homogeneous secure network service area;
  
  acquiring, by the router, a second key from a neighboring service provider before the processing device transitions out of the homogeneous secure network service area;
  
  configuring, by the router, the processing device to use encrypted communications that utilize the second key when the processing device transitions to the heterogeneous secure network of the neighboring service provider.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein acquiring further includes using, by the router, a key distribution service or an identity service of the neighboring service provider to acquire the second key.
  - 10. The method of claim 9, wherein using further includes, authenticating, by the router, to the key distribution service or the identity service before acquiring the second key.
  - 11. The method of claim 9, wherein acquiring further includes, enlisting, by the router, a third-party service to provide an identity and authentication mechanism for interacting with the neighboring service provider.
  - 12. The method of claim 9, wherein acquiring further includes, accessing, by the router service, a predefined list of available neighboring service providers to identify and interact with the neighboring service provider.
  - 13. The method of claim 9, wherein acquiring further includes monitoring, by the router, signal degradation to acquire the second key when the signal degradation falls below a threshold established via a policy managed by the router.
  - 14. The method of claim 9 further comprising, migrating an Internet Protocol (IP) address of the processing device from a first IP address to a second and new IP address when the processing device is migrated to the neighboring service provider.

15. A machine-implemented system, comprising:
- a key distribution service configured to interact with a router and to authenticate the router and to provide the router with a new encryption key for an edge device that is transitioning from a first secure network to a second secure network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the key distribution service is enabled to interact with participants in both the first and second secure networks.
  - 17. The system of claim 15, wherein the router is configured to forward unrecognized traffic in the first secure network to the key distribution service within the second secure network.
  - 18. The system of claim 15, wherein the key distribution service is enabled to manage key entropy policies for both the first and second secure networks.
  - 19. The system of claim 15, wherein the router is preconfigured to identify and interact with the key distribution service.
  - 20. The system of claim 15, wherein the router is configured to dynamically identify and dynamically interact with the key distribution service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
McClain, Carolyn B., Carter, Stephen R.

Granted Patent

US 8,731,200 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04W 12/0431   Key distribution or pre-dis...

H04W 84/12   WLAN [Wireless Local Area N...

KEY DISTRIBUTION

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

98 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

KEY DISTRIBUTION

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links